Security News > 2021 > April > Update Your Chrome Browser ASAP to Patch a Week Old Public Exploit

Update Your Chrome Browser ASAP to Patch a Week Old Public Exploit
2021-04-21 01:30

Google on Tuesday released an update for Chrome web browser for Windows, Mac, and Linux, with a total of seven security fixes, including one flaw for which it says an exploit exists in the wild.

The update comes after proof-of-concept code exploiting the flaw published by a researcher named "Frust" emerged on April 14 by taking advantage of the fact that the issue was addressed in the V8 source code, but the patch was not integrated into the Chromium codebase and all the browsers that rely on it, such as Chrome, Microsoft Edge, Brave, Vivaldi, and Opera.

The one-week patch gap meant the browsers were vulnerable to attacks until the patches posted in the open-source code repository were released as a stable update.

It's worth noting that Google halved the median "Patch gap" from 33 days in Chrome 76 to 15 days in Chrome 78, which was released in October 2019, thereby pushing severe security fixes every two weeks.

The latest set of fixes also arrive close on the heels of an update the search giant rolled out last week with patches for two security vulnerabilities CVE-2021-21206 and CVE-2021-21220, the latter of which was demonstrated at the Pwn2Own 2021 hacking contest earlier this month.

Users can update to the latest version by heading to Settings > Help > About Google Chrome to mitigate the risk associated with the flaws.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/hVL_IDfGjL0/update-your-chrome-browser-immediately.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-04-26 CVE-2021-21206 Use After Free vulnerability in multiple products
Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
2021-04-26 CVE-2021-21220 Out-of-bounds Write vulnerability in multiple products
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
8.8